Cloud On premises

General

  1. What are the ports used by the MDM application?

    Ensure that the following ports are open in the proxy/firewall.

    Port Number Type Purpose Connection Traffic
    9020 HTTP ME MDM app and server communication. Inbound to server
    9383 HTTPS ME MDM App and server communication. Inbound to server
    443 HTTPS Should be open on Mobile Device Manager Plus server to reach APN, GCM, WNS server.
    Host address: https://login.live.com; https://*.notify.windows.com; android.googleapis.com; www.google.com;
    Open the following domains based on the country that the server is located:
    US : gslb.secb2b.com; us-elm.secb2b.com; us-knox.secb2b.com;
    China : china-gslb.secb2b.com.cn ;china-elm.secb2b.com.cn; china-knox.secb2b.com.cn
    Asia, Africa, Europe, or other regions : gslb.secb2b.com; eu-elm.secb2b.com; eu-knox.secb2b.com;
    Outbound to server
    2195 HTTPS Should be open on Mobile Device Manager Plus server to reach APNs.
    Host address: gateway.push.apple.com
    Outbound to server
    5223 HTTPS Should be open, if the mobile device connects to the internet through the Corporate WiFi, it is recommend to configure the IP range 17.0.0.0/8. Outbound from Corporate Network Firewall
    5228, 5229, 5230 HTTPS For the GCM to reach the managed mobile device.
    Host address: android.googleapis.com

    As GCM doesn't provide specific IPs, you should allow your firewall to accept outgoing
    connections to all IP addresses contained in the IP blocks listed in Google's ASN
    of 1516For more details refer this.

    Outbound from Corporate Network Firewall

    Also, ensure Mobile Device Manager Plus server has adequate permission(s) to contact the domains listed here.

  2. What are the domains accessed by MDM for enrolling and managing devices?

    Both the MDM server and the device to be enrolled in MDM must have access to the following domains, which are to be excluded/white listed in firewall and/or any third-party filters. If you're using MDM Cloud ensure mdm.manageengine.com and transmail.net is white listed.

    For all platforms

    White listed only in the server
    • https://creator.zoho.com

    For iOS

    White listed both in the server and the device
    • https://gateway.push.apple.com
    • https://api.push.apple.com
    • https://itunes.apple.com:443
    • http://itunes.apple.com:80
    • https://deploy.apple.com
    • https://vpp.itunes.apple.com
    White listed only in the device
    • https://ax.init.itunes.apple.com
    • https://ppq.apple.com
    • http://is2.mzstatic.com
    • ocsp.apple.com
    • https://buy.itunes.apple.com/
    White listed only in the server
    • https://uclient-api.itunes.apple.com

    For Windows

    White listed only in the server
    • https://login.live.com
    • https://*.notify.windows.com

    For Android

    Non-Samsung devices

    White listed only in the device
    • https://www.google.com
    • mtalk.google.com:5228
    • mtalk.google.com:5229
    • mtalk.google.com:5230
    • android.clients.google.com:443
    White listed only in the server
    • https://android.googleapis.com
    • *.zoho.com:443
    • *.zohoassist.com:443
    • googleapis.com:443
    • accounts.google.com:443

    Samsung devices

    White listed only in the device
    China-only
    • https://china-gslb.secb2b.com.cn:443
    • https://china-elm.secb2b.com.cn:443
    • https://china-knox.secb2b.com.cn:443
    United States of America-only
    • https://gslb.secb2b.com:443
    • https://us-elm.secb2b.com:443
    • https://us-knox.secb2b.com:443
    All other countries
    • https://gslb.secb2b.com:443
    • https://eu-elm.secb2b.com:443
    • https://eu-knox.secb2b.com:443

    For Samsung KNOX Enrollment

    Whitelisted on the firewall
    • *.samsungknox.com:443
    • *.samsungknox.com:80
    • *.secb2b.com:443
    • *.secb2b.com:80
    • https://dir-apis.samsungdm.com:443
    • https://account.samsung.com:443
  3. Do the devices have to be factory reset to be enrolled and managed by MDM?

    No, the devices need not be factory reset(unless specified otherwise) to be enrolled and managed by MDM.

  4. What are the Operating systems supported by Mobile Device Manager Plus?

    Currently, the following software platforms are managed by MDM:

    • iOS version 4.0 and above
    • Android 2.2 and above
    • Windows Phone 8.0 and above
    • Laptops and Surface pro running Windows 10
  5. What are the databases supported by Mobile Device Manager Plus(MDMP)?

    MDMP currently supports pgSQL and MS-SQL.

  6. Does MDM support migration from Cloud to On-Premises?

    No, MDM doesn't support migration from Cloud to On-Premises. Everything from uploading APNs, enrolling devices to distributing apps and/or profiles has to be done again for MDM On-Premises.

  7. Do I need an Apple Enterprise/Developer account to manage iOS devices?

    No, you do not require an Apple Developer Account to manage the iOS devices using Mobile Device Manager Plus.

  8. I do not have a Domain, how do I add ME MDM App to my tablets without using a Domain or Domain e-mail or without connecting to Play Store?

    You can use local authentication and specify a user name and email address. If you want to enroll corporate devices, then you can use Admin Enrollment options such as NFC and QR code for Android devices, DEP and Apple Configurator for iOS and Windows ICD for Windows.

  9. How much network data and battery does ME MDM app consume?

    ME MDM app consumes network data and battery only for downloading apps pushed to the device, with the data consumed depending on the size of the app. Other actions consume negligible network data. Additionally, the consumption varies in case of geo-tracking based on the accuracy level specified.

  10. Why does my device IMEI contain 14 digits instead of 15 digits?

    If the device is CDMA activated, then the IMEI contains only 14 digits and is referred as MEID. You can check the IMEI of your device by dialing *#06#.

  11. Why doesn't my Android device support Android for Work despite running on Android 5.0 or later versions?

    For a device to utilize Android for Work(AfW)-based features and configurations, the OEMs(Original Equipment Manufacturers) must provide support for the same on the devices. If AfW support is not provided for a specific device model by the OEMs, they cannot support Android for Work and hence, features requiring the device to be provisioned as Profile Owner/Device Owner cannot be pushed to the device. Some of the devices supporting Android for Work are listed in these links - link #1, link #2 and link #3.

  12. How to upgrade ME MDM app installed in Android devices?

    If there is an app update available, ME MDM app is silently updated in Non-Samsung devices running 6.0 or later versions, provisioned as Device Owner and all Samsung devices. For other devices, a notification stating the same is displayed in the managed device and the user has to manually update the app.

  13. Why am I unable to enroll devices through invite?
    • Ensure OTP has not expired(It expires after 72 hours).
    • Ensure you do not use OTP in place of Zoho account password or vice-versa. As seen below, in the first case, Zoho account is to specified and in the second, the OTP sent over mail, is to provided.

  14. I do not want to create a new account to be created for every device enrolled in MDM Cloud. Is there any other alternative type of enrollment?

    To avoid using invites, you can prefer Self Enrollment, where the users enroll the devices themselves and Admin enrollment. Admin enrollment as the name suggests, is a type of enrollment where the enrollment process is carried out by the Admin. The other advantage with Admin enrollment, is that the process is automated, requiring minimum user intervention and/or admin action. MDM supports the following types of Admin enrollment for Android:

    The following types of Admin enrollment is supported in iOS:

  15. How do I send Android device logs to MDM Cloud support?

    You can compile the Android logs from the device, either using MDM app or without using MDM app and mail it to MDM Cloud support team(mdmcloud-support@manageengine.com)

    Without using MDM app

    Using MDM app

    Without using MDM app

    • Navigate to Agent Log Directory. <Device storage location>/memdm/agent/logs
    • The file mdm*.txt contains the agent logs.
    • Kindly zip these files and send it to mdmcloud-support@manageengine.com

    Using MDM app

    The other option is to send the logs directly from the MDM app. Open the MDM app, click on the horizontal blue bar at the top 5 times.

    Provide logs@memdm as password and then specify the issue details. Click OK to send the logs.

  16. How do I send iOS device logs to MDM Cloud support?

    You can compile the iOS logs from the device, using MDM app and mail it MDM Cloud support team(mdmcloud-support@manageengine.com)

    • Open the ME MDM App in the managed device.
    • Navigate to Support tab.
    • Select Collect logs. A notification is shown when the logs are successfully compiled. These logs get automatically mailed to the Cloud support team.
  17. What happens when my trial expires or when I move from Trial edition to Free edition ?

    MDM provides you with a 30-day trial of the Professional Edition, where you can manage unlimited devices and add unlimited additional technicians. Once the 30-day trial expires, you can either extend you trial, purchase the product or move to Free edition. After trial expiry if you move to the Free edition, you are allowed to choose the devices(up to 25) that you want to manage. All the apps and profiles distributed to these devices as well as other configurations associated to the selected devices are retained. Free Edition is similar to Trial edition except that Free Edition allows a maximum 25 devices to be managed and no additional technicians can be added.

  18. Why am I unable to sign up with MDM Cloud service?

    When trying to sign up, you encounter an error stating you are part of another organization such as "Access denied for this service. Please contact your Org (<org_name>) administrator [admin@org.com], it implies you are already a registered user as your organization has registered for Zoho Services. There is a super admin assigned for Zoho Services, who is the only who can sign up for any other Zoho service including MDM Cloud. If the super admin has signed up for Zoho services, you may request the super admin to add yourself as a technician to use MDM Cloud. In case you want to try MDM Cloud, you can use an alternate e-mail address to sign up and use the service. If you get redirected to https://mdm.manageengine.com/enroll.do, then you may request the super admin to add yourself as a technician to use MDM Cloud.

  19. What are the pre-requisites for enrolling a device in MDM Cloud?
    • The URLs mdm.manageengine.com and transmail.net must be white listed for enrolling a device in MDM Cloud.
    • If you're enrolling devices through invitation, ensure these two e-mail addresses: noreply@zohoaccounts.com and noreply-mdmcloud@manageengine.com must be white listed as well. If users don't have a Zoho account, they receive two mails. The former is used for sending join the organization mail(for creating Zoho account) and the latter is used for mailing the enrollment request. Modify the mail spam filter to ensure these mails don't fall into spam. If the user already has a Zoho account, only the enrollment request is sent.
    • Create a Zoho account using e-mail and then follow the instructions provided in the enrollment request to enroll your device to MDM Cloud.

Enrollment

  1. What are the pre-requisites for Device Enrollment?

    The prerequisites for enrolling a mobile device are:

    • Creating APNs (applicable only for iOS)
    • Configuring Proxy Settings (On-premises only)
    • Configuring Mail Server settings (On-premises only)
    • Setting up the user authentication type.
    • The device that needs to be enrolled should be accessible through the internet in order to receive the email with enrollment settings.
  2. What are the pre-requisites for Self Enrollment?

    End user should have the following for self enrolling a device.

    • Connection to the Internet
    • Self Enrollment URL
    • Active Directory Authentication.
  3. Do I need to re-enroll my mobile devices after changing the Public IP address for NAT settings? (On-premises)

    No, You need not re-enroll the managed mobile devices, because the mobile devices will reach the Mobile Device Manager Plus server using the external IP.

  4. Why does my Android device show the error "Device already provisioned", when trying to enroll a device using NFC enrollment?
    Android devices running 5.0 or above, enable an implicit Activation Lock by default on associating a Google account with the device. When the device is corporate/complete wiped, the device retains the Google account details and the Activation Lock is still enabled. So on trying to enroll this device after wiping using NFC enrollment, the error "Device already provisioned" is displayed, as the device is already associated with a Google account. The implicit Activation Lock can be disabled only by providing the Google Account details, associated with the device previously.
  5. Why have the users not received the join organization mail yet, despite having sent an enrollment request?
    • Ensure all the pre-requisites listed here<will link to the relevant FAQ, not doing it now coz of existing anchor issues> have been configured.
    • The mail could have fallen into the Spam/Junk folder. Verify the same and if yes, change the e-mail spam/junk filter criteria.
    • Verify your anti-virus configuration to ensure it has not blocked the enrollment requests from being sent.
    • Verify POP/IMAP configuration setup in the router web interface, if configured. Ensure it is not blocking the enrollment requests from being sent.

    If the issue is not still not fixed, contact MDM Cloud support(mdmcloud-support@manageengine.com)

  6. I want to change the e-mail address with which I signed up on MDM Cloud. How to do that?
    • Open this link and sign in with the Zoho account if need be.
    • Specify the new e-mail address.
    • A verification mail is sent to the new e-mail address.
    • Once verified, MDM automatically updates the new e-mail address.

    In case you need to make a secondary e-mail address as primary, click on the mail icon present against the mail address. This makes the selected e-mail address as primary.

    In case you want to change the e-mail address of any technician, you follow the same process to change the e-mail address of the technician,
  7. One of my organization users signed up with MDM Cloud, instead of enrolling the device. How to have the device enrolled?
    • Open this link and sign in with the Zoho account, if need be.
    • Click on Delete Organization present under Dashboard
    • Click on Delete to remove the user-created MDM account. Note that, this also removes all the Zoho services which has been configured with this account. If the user is utilizing Zoho services for personal use, this also gets deleted. If the user is unsure about the services being used with the Zoho account, contact support(mdmcloud-support@manageengine.com)
    • After the account is deleted, sign out of Zoho Accounts and close the browser window.
    • Follow the instructions specified in the enrollment mail, to proceed with the enrollment.
  8. What are the pre-requisites for adding users or enrolling devices?

    In case multiple teams(referred henceforth as org) in your enterprise use any Zoho service, follow the instructions specific to your scenario.

    • If the user doesn't have an existing MDM account, the user can access the link in the invitation to join the org.
    • If the user is already a part of another org, the user must ask the super admin of this org to remove the user. The user can then access the link in the invitation to join the org.
    • If the user is the super admin in the other org, the user must assign another user as super admin. The new super admin must remove the user. Now, the user can access the link in the invitation to join the org.
    • If the user is the only active user in the other org, the user must delete the org account as explained here. Now, the user can access the link in the invitation to join the org.
  9. Why do I get a page titled "Welcome to Device Enrollment", when I try to access MDM Cloud or try enrolling a device?

    If this page is displayed when trying to enroll a device, ensure your accessing the appropriate enrollment URL from the device to be enrolled.
    If this page is displayed when trying to access MDM Cloud, ensure your MDM Cloud admin has added you as a user.

  10. How can we unmanage a device enrolled using Apple DEP?

    A device enrolled using Apple DEP cannot be unmanaged simply by factory resetting the device. To unmanage this device, we first need to remove the device from the DEP server and then reset the device in Recovery Mode.

  11. What are the prerequisites that need to be met before using Apple Configurator to enroll iOS devices?

    Ensure the following before enrolling devices using Apple Configurator:

    • If the devices to be enrolled are bought from authorised reseller and DEP is available in your country, it is recommended to use DEP for enrolling these devices.
    • If the devices to be enrolled were already in use, check if Activation Lock is disabled by going to Settings -> iCloud and turning off Find my iPhone.

Profile Management

  1. What is behavior of Restriction policy in iOS devices?

    Mobile Device Manager Plus assures high security through restriction policies. Whenever more than one policy is applied for a same cause, whichever policy provides more security will get applied automatically. For example, assume two restriction policies are assigned to a device, where one is applied to authenticate the usage of camera and the other is to restrict the usage of camera, the policy which assures high security will get applied automatically. So the usage of camera will be restricted in the device.

  2. Can a passcode policy forced on the mobile device be revoked by the user?

    No, passcode policy that is forced on the mobile device cannot be revoked by the user. Though users can disable passcode settings on their device, users will be forced to set passcode when the device is unlocked. However if MDM profile is removed from the device the device can no longer be managed by Mobile Device Manager Plus.

  3. What do you mean by imposed policies?

    Policies and Restrictions which are applied successfully to the managed mobile device are called imposed policies.

  4. What is meant by violated policies?

    Administrator instructs the users to accept the Policies and Restrictions which are pushed to the device. When the user over rules the policies and restrictions, then those policies and restrictions are called as violated policies.

  5. What is the difference between Idle Timeout before lock and Grace Period for device lock?

    Idle timeout before device lock specifies the time allowed for the device before the screen turns off. This is similar to the settings that can be configured in the device (Settings > General > Auto Lock). Grace period for device lock refers to the time allowed for the user before prompting for a passcode. The screen of the device turns off and when the user slides the arrow to unlock the screen he would be prompted to enter his passcode. This is similar to the settings that can be configured in the device (Settings>General>Passcode Lock).

  6. Can OS updates be restricted on managed iOS devices?

    No, Apple doesn't permit MDM solutions to restrict OS updates. However, MDM provides a workaround to prevent OS updates as explained here.

  7. Can the user be restricted from changing the date and time settings on iOS devices?

    Restricting users from changing the date and time settings on devices is not permitted by Apple. Mobile Device Manager Plus can restrict the user from accessing any settings by running the device in Kiosk Mode where the device has access only to one app. Another method that can be used is, by ensuring the required apps are dependent only on the network date and time and not the device date and time.

  8. How to prevent users from accessing the Settings on the devices?

    In case of iOS devices, the settings can be restricted by disabling the individual settings under Restriction in Profiles. For Android devices, the Settings app can be disabled by disabling the option "Modify default device settings" under Restrictions in Profiles.

    In addition to these methods, user can be prevented from changing any settings by running the device in Single App Kiosk Mode.

  9. Can we use Mobile Device Manager Plus to distribute contacts to iOS devices?

    You can make use of the CardDAV profile to distribute contacts to the managed devices. Here you can make use of Google contacts or any other third party service that supports CardDAV.

  10. Can we prevent users from adding iCloud accounts to managed devices?

    You can restrict users from modifying accounts on the devices by navigating Device Management -> Profiles -> Restrictions -> Advanced Security and restricting the Modify Account Settings option.

    The user will not be able to modify accounts like mail accounts, iCloud and iMessage settings. If you want to completely restrict iCloud, then navigate to Profiles -> iCloud and restrict it. This will completed restrict the apps from syncing with iCloud and also the device backup on iCloud.

  11. Can MDM be used to pre-configure essential settings such as Wi-Fi and E-mail over-the-air without any user intervention?

    Yes, you can configure E-mail, Wi-Fi and other essential settings(such as VPN, Exchange etc.,) across platforms on MDM server and then associate it to groups. Devices added to this group on enrollment, are automatically distributed the configured policies and thus, getting pre-configured on device. Know more about all the policies supported by iOS, Android and Windows in MDM.

App Management

          1. What is the difference between App Store Apps and Enterprise/In-house Apps?

            App Store apps are those which are available in the App Store. They can be either paid App or free app. Enterprise apps, also called as In-House apps are specially developed and designed for every Enterprise. This is unique and completely owned and distributed by the Enterprise itself.

          2. How to disable App Store on the managed devices, without affecting the installation of apps distributed via MDM?

            You can restrict App Store on managed devices, by creating a profile and navigating to Restrictions -> Applications and restricting Users can install apps from App Store. This ensures only apps distributed through MDM can be installed on the device(must be running iOS 9.0 or later versions). If this is restricted for devices running other OS versions, even MDM-distributed apps cannot be installed on the device.

          3. What is Volume Purchase Program (VPP)?

            Volume Purchase Program(VPP) is used for purchasing app licenses in bulk and distributing the same to user either through managed distribution or redemption codes. Know more about Volume Purchase Program here.

          4. What is an .apk file?

            'APK' refers to application package file. Android program files are compiled in a package as .apk file, which is used for distributing the apps. When you need to add an android App to the App Repository you need to ensure that the android app is in .apk format.

          5. What will happen if I distribute an iOS app to Android and Windows devices?

            Mobile Device Manager Plus app distribution is designed in such a way that you can only distribute iOS apps to iOS devices, Android apps to Android devices and Windows apps to Windows devices.

          6. Why should I enable 'Device Administrator' in my Android mobile device?

            Device Administrator should be enabled in the Android mobile device to authenticate Mobile Device Manager Plus Mobile Device Management to perform remote management activities in the device.

          7. Can we install App Store apps without entering Apple ID?

            App Store apps can be installed without entering Apple ID, as explained here.

          8. Can you revoke the license code after installing the App?

            Yes, with the help of iOS app license management feature in VPP, Mobile Device Manager Plus will let you to revoke and reassign app licenses to the required user device.

          9. Why should I renew APNs a month prior its expiry?

            If the APNs certificate has expired, Apple Push Notification service will not be able to contact the managed mobile devices. Renewing an APNs after expiry is the same as creating new APNs, which means all the devices need to be enrolled again to be managed. Assume that the APNs expires on 30th of June, you need to ensure that you renew your APNs well before the expiry date and update it in the Mobile Device Manager Plus server. All the managed mobile devices should contact Mobile Device Manager Plus server at least once before 30th of June. If any of the managed mobile device fails to contact the Mobile Device Manager Plus server, then those devices should be enrolled again. Hence we recommend renewing APNs before a month of its expiry.

          10. Should the user have to use the Apple ID password while installing the Apps from App Catalog?

            Yes, the user has to enter the Apple ID to install the apps. To install apps silently or without requiring Apple ID, refer to this.

          11. Can I use Mobile Device Manager Plus to force install Apps on the managed Devices?

            Yes, force installation is supported on iOS devices as explained here and supported on Android devices if enrolled as Device Owner as explained here. Android enterprise apps can be force installed in Samsung devices, without any additional configuration.

          12. What are the prerequisites for Windows Phone Enterprise App Distribution?

            For mobile devices running Windows 8 and 8.1, the steps to perform App distribution:

            • You have to register a company account on Windows Phone Dev Center and obtain an enterprise certificate from Symantec
            • You should generate an application enrollment token (AET)
            • Upload the generated AET file into the server (MDM -> App repository -> Windows app settings -> App distirbution certificate -> Configure)
            • Before adding enterprise apps in app repository, you have to sign the app using AET. For more details visit help.
          13. What is AET? What is its purpose?

            AET refers to Application Enrollment Token. The Windows Phone 8 operating system requires users to enroll each device with the enterprise before users can install company applications on their devices. Only way to achieve this is using Application Enrollment Token, which enables you to distribute enterprise applications on a Windows Phone 8 device. For more information visit help.

          14. How to verify the whether a work profile has been installed in the managed Android device?

            Work profiles are installed when Android devices are provisioned as Profile Owner using Android for Work. To verify whether Work profile has been installed in the device, go to Settings, and select Accounts. Work profile is listed under the Work section.

          15. How to uninstall a work profile from the managed Android device?

            In Android devices running 5.0 or later versions, go to Settings, click on Accounts and select Remove work profile. Click on Delete to confirm the removal of all apps and data within the work profile.

          16. What is the behaviour of app permissions when a device is put into Kiosk Mode?

            Once a device is put into Single App Mode, no permission prompt will be generated. This means that the app cannot access any other features that use camera, contacts, or location services. The admin should allow these settings before putting the device into Single App kiosk.

          17. What are the prerequisites to distribute enterprise apps using Mobile Device Manager Plus?

            Follow one of the given methods to distribute enterprise apps using Mobile Device Manager Plus:

            • Enterprise Distribution: If you have a development team which is familiar with developing apps, you can choose this method. Ensure the setting "Save for Enterprise Distribution" is enabled, while the app is being developed.
            • B2B App Distribution: If you do not have the resources to develop the app in-house, you can make use of B2B app distribution. Follow the steps given here for B2B apps.
          18. What will happen if we move a VPP token from one server to another or if the same VPP token is used in two different MDM servers?

            When a VPP token is removed from a server, the licenses used to distribute the apps will be reverted to your account. When you use this token on another server, the licenses can be used to distribute the apps to the devices.

            It is not possible to use the same VPP token on multiple MDM server, as each MDM server manages the complete set of licenses purchased with the token. This results in the MDM server revoking the licenses of the apps distributed to devices and also removes the apps from the devices.

          19. How can we ensure that the user does not install/uninstall apps from managed devices?

            We can prevent the installation and uninstallation of apps from devices by applying a few restrictions to devices.

            1. Under Device Mgmt, select Profiles.
            2. Choose the OS of the device to which the profile is to be applied.
            3. Under Restrictions, click on Applications.
            4. Restrict the options, Install Apps and Uninstall Apps.
            5. Publish and distribute the profile to devices.
          20. Does MDM allow enterprise iOS apps to be installed silently, without user intervention?

            Yes, you can install enterprise apps silently on iOS devices, if they are Supervised. Firstly, add the enterprise app source .ipa file to App Repository. Distribute it to devices and/or groups, after ensuring the Force Install option is enabled in Distribution Settings

          21. Does MDM allow enterprise Android apps to be installed silently, without user intervention?

            Yes, you can install enterprise apps silently on Android devices as explained here

          22. Can MDM be stop and/or control app updates on managed iOS devices?

            Yes, you can stop and/or control app updates on managed iOS devices, if the apps are distributed and installed on the devices through VPP. Also, ensure Without Apple ID is selected during the initial VPP settings. This allows the app to be installed without requiring Apple ID and the app gets associated to the device instead of Apple ID, which is how it is usually associated. As the app is not associated with the Apple ID present on the device, the App Store doesn't notify the users of possible app updates, when distributed through MDM. You can choose to force app updates on the device as explained here

          23. Can MDM be stop and/or control app updates on managed Android devices?

            Yes, you can stop and/or control app updates on managed Android devices, if the apps are distributed and installed on the devices through Android for Work. When approving the apps in Google Play for Work, select Revoke app approval when app request new permissions, in Approval Settings. When this options is selected, the app gets removed from the Play Store present on the device and thus, the user cannot update the app. You can choose to force app updates on the device as explained here

          24. Can I remove user installed apps using MDM?

            Yes, you can remove apps present on the devices, by blacklisting them as explained here

Security Management

                    1. How can we manage BYOD?

                      "Bring Your Own Device" (BYOD) being the integral part of Mobile Device Manager Plus, you can ensure the security of corporate data. Whenever any user's personal device is lost, or the employee quits an organization, administrators can execute security commands like corporate wipe or complete wipe to ensure data security. Hence Mobile Device Manager Plus MDM is a smart choice for every enterprise to manage BYOD.

                    2. What is difference between Complete Wipe and Corporate Wipe?

                      Corporate wipe is a security command used to wipe data on the device. This security command is mostly used to secure the corporate data from devices, when they are lost. Corporate Wipe is used to remove only the configurations and Apps that have been pushed using Mobile Device Manager Plus and this command will not wipe any personal data of the user.

                      Corporate Wipe will remove Exchange Server or Email only, if they are configured via Mobile Device Manager Plus. This includes, the files and documents shared using the corporate e-mail.

                      Complete wipe command is used to wipe all in the data in the device, which makes the device as good as a new.

                    3. Can you wipe the data from the device's external memory?

                      Yes, you can wipe data on the device's external memory.

                    4. How to protect Corporate Data on the mobile devices?

                      You can secure corporate data on mobile devices by applying the following restrictions:

                      • Disabling Screen capture
                      • Disabling Backup (iCloud)
                      • Disabling Document Sync
                      • Disabling Photo Stream
                      • Disabling Shared Stream
                      • Disabling User to accept untrusted TLS Certificates
                      • Forcing Encrypted Backups.
                      • Configuring Email settings to restrict data forwarding.

                      These restrictions will help you to secure Corporate data on mobile devices.

User Management

                    1. How do I add users(technicians) to manage devices?

                      You can associate users to either pre-defined roles or create roles and associate them. Additionally, you can modify the users, their roles and even delete them. Know more about user management here

                    2. How to add a user and grant the user read-only privileges?
                      • On the MDM server, navigate to Admin tab and select User Administration, present under Global Settings .
                      • Click on Add User. Provide the required details and specify the role as Guest. This ensures the created user has read-only access.
                    3. How to change Super Admin privilege from one user to another?
                        • Login here with Zoho account. All the services being used by the Zoho account are listed.
                        • Click on the pencil icon present against the Super Admin Name, to change the Super Admin, as shown in the image below.
                      • All the user added administrators on MDM Cloud are listed. Select the new Super Admin. The Super Admin E-mail Address gets modified automatically.

                      It is to be noted the Super Admin of all the Zoho services are changed, when this is done.

Pricing

              1. How to purchase MDM Cloud?
                • On the MDM server, navigate to Admin tab and select Subscription, present under Global Settings.
                • Fill in the number of devices you want to manage and other required details. Click on Buy Now.
                • On clicking, Zoho Store page is opened. Review and confirm your order.
                • Proceed and provide your payment method. On successful completion, your MDM Cloud license will be activated immediately.

                This is a pay-as-you-go Service and can be mended as and when you need. Additionally, you can also purchase offline(Non-Store) by mailing to sales@manageengine.com.

              2. How to reactivate my license, if it has expired?
                • On the MDM server, navigate to Admin tab and select Subscription, present under Global Settings.
                • Click on Manage Plan.
                • On clicking, Zoho Store page is opened. Renew your license here.
                • On successful completion, your MDM Cloud license will be activated immediately.
                In case you're denied access to MDM server, click on the Buy Now to proceed with the reactivation.
              3. What are the types of payments supported by MDM Cloud?

                Payments are securely done using Zoho Store. MDM Cloud supports payment via Visa, MasterCard, American Express and PayPal. You can also purchase offline(Non-Store), by mailing to sales@manageengine.com.

              4. How do I modify my MDM Cloud license?
                • Modify your license by navigating to this link(sign up with the Zoho account, if need be). Click on Manage Plan, which re-directs you to Zoho Store.
                • Hovering on the plan, lets you add/remove the number of devices to be managed. Similarly, hovering on technicians and multi-language support, lets you add/remove technicians and unsubscribe multi-language support respectively, as shown in the image below:
                • Assume you want to add more devices for management. Click on the plan and specify the number of devices you want to manage.
                • On specifying the additional devices, the required cost to be paid is displayed. You can then continue with the payment and finish the purchase.
              5. How to change payment method from offline(Non-Store) to online?

                For changing payment method from offline(purchasing licenses by mailing to sales@manageengine.com) to online,

                • On the MDM server, navigate to Admin tab and select Subscription, present under Global Settings. Click on Manage Plan, which redirects you to Zoho Store. Now click on the Payment Method link as seen in the image below
                • Provide credit card details and click on Update, to modify your payment method.
              6. How to modify the specified credit card details?
                • Login here with the same Zoho account used for signing in with MDM Cloud.
                • All the information about your billing cycle, card details and billing address can be viewed here. Click on Change Card to edit or update your card details

                You can also change the billing address here as well. All your confidential data is secured using VeriSign.